> -----Original Message-----
> From: Johnson, Robert [mailto:r.johnson_at_cgi.com]
> Sent: 25 October 2010 23:59
> To: users_at_subversion.apache.org
> Subject: Path based authorization
>
> I'm not sure this is a bug or the documentation is wrong, or
> I'm misunderstanding the concept.
>
> The setup and config:
>
> Redhat Enterprise Linux AS release 4 (October Update 7)
> Apache 2.2.16
> Subversion version 1.6.12 from Collabnet
> mod_authz_svn.so built from Subversion sources 1.6.13 (uses
> 1.6.12 libs at runtime)
>
> In the SVN doc:
>
> Section 6.5 Path-Based Authorization
>
> [paint:/projects/paint]
> jane = r
> @paint-developers = rw
>
> Another important fact is that the first matching rule is the
> one which gets applied to a user. In the prior example,
> even though Jane is a member of the paint-developers group
> (which has read/write access), the jane = r
> rule will be discovered and matched before the group rule,
> thus denying Jane write access.
>
> My authz file:
>
> [groups]
> Administrators = admin, r.thompson, john.robbins
> SE-tech = r.thompson, john.robbins, test.user
...I am not sure but can you try with a different name without the '-'
minus sign?
> [/]
> #start with everyone has read access
> * = r
> @Administrators = rw
>
> [SystemEngineering:/trunk]
> test.user = r
> @Administrators = rw
> @SE-tech = rw
>
> I am not getting the results as described in the
> documentation. I thought excluding a user from write access
> even though they were a member of an rw group was kind of
> handy. I have observed this behavior in both svn and http
> protocols. Even though the test.user has been designated as
> "r" on the trunk, that user can still commit to the
> SystemEngineering/trunk repository folder.
>
> Any help or clarification would be greatly appreciated.
>
> Bob Johnson
> CGI - Insurance Sector
> Columbia, S.C.
> (803)917-7751
>
Received on 2010-10-26 08:10:12 CEST